KubeCon + CloudNativeCon Europe 2022 Recap

S2 E11 · Kubernetes Bytes

In this episode, Ryan and Bhavin talk about KubeCon + CloudNativeCon Europe 2022 and discuss all the vendor announcements from the past couple of weeks. KubeCon Europe had close to 7500 attendees and shows a continuous increase in the adoption of containers and Kubernetes. Below, you can find links to the things discussed during the podcast:

  1. The State of Cloud-Native Development Report - Q3 2021 (came out in May 2022): https://www.cncf.io/wp-content/uploads/2022/05/Q3-2021-State-of-Cloud-Native-development_FINAL.pdf
  2. Akuity raises $20M Series A to take Argo project next level: https://siliconangle.com/2022/05/16/kubernetes-startup-akuity-raises-20m-take-argo-project-next-level/
  3. Teleport raises $110M series C to $1.1B valuation: https://goteleport.com/blog/series-c/
  4. Snapt launches Nova: https://aithority.com/it-and-devops/cloud/snapt-announces-the-one-security-package-to-run-kubernetes-in-public-cloud/
  5. Kasten K10 - v5: https://www.storagereview.com/news/kasten-k10-v5-0-offers-enhanced-kubernetes-security-and-more
  6. Datadog: https://containerjournal.com/news/news-releases/datadog-enhances-monitoring-and-security-for-kubernetes/
  7. Sysdig launches Sysdig Advisor: https://containerjournal.com/kubecon-cnc-eu-2022/sysdig-introduces-sysdig-advisor-to-drastically-simplify-kubernetes-troubleshooting/
  8. Red Hat open sources StackRox: https://techcrunch.com/2022/05/17/red-hat-open-sources-stackrox-the-kubernetes-security-platform-it-acquired-last-year
  9. Portworx - PDS and BaaS: https://portworx.com/blog/announcing-general-availability-of-portworx-data-services/
    https://portworx.com/blog/fast-and-simple-data-protection-with-portworx-backup-as-a-service/
  10. DataCore launches Bolt - based on OpenEBS after MayaData acquisition: https://blocksandfiles.com/2022/05/18/datacore-bolt-kubernetes/
  11. Kubecost - 1 click Request Sizing to Automatically Optimize Kubernetes Clusters and Eliminate Wasted Spend: https://www.yahoo.com/now/kubecost-launches-1-click-request-060000724.html
  12. SUSE open sources NeuVector container security platform: https://containerjournal.com/features/suse-integrates-container-security-platform-with-rancher/
  13. Lacework: https://containerjournal.com/features/lacework-dives-deeper-into-kubernetes-security/
  14. NetApp Astra Data Store: https://blocksandfiles.com/2022/05/25/netapp-per-ardua-ad-as
Transcript

Introduction to Kubernetes Bytes

00:00:03
Speaker
You are listening to Kubernetes Bytes, a podcast bringing you the latest from the world of cloud native data management. My name is Ryan Wallner and I'm joined by Bhavin Shah coming to you from Boston, Massachusetts.

Podcast Agenda and Cloud-Native News

00:00:14
Speaker
We'll be sharing our thoughts on recent cloud native news and talking to industry experts about their experiences and challenges managing the wealth of data in today's cloud native ecosystem.
00:00:30
Speaker
Good morning, good afternoon, and good evening wherever you are. We're coming to you from Boston, Massachusetts. Today is Friday, May 27th, 2022. I hope everyone is doing well and staying safe.

AWS Summit Experience

00:00:42
Speaker
Let's dive into it. Bhavin, how are you? How have you been? I'm doing good. I know the topic for today's discussion is KubeCon. Unfortunately, I wasn't at KubeCon, but this week I was out at the AWS Summit in Washington, DC.
00:00:57
Speaker
I don't know, got a chance to talk to a lot of customers there talking about Kubernetes adoption. Didn't see as much as San Francisco, but a lot of government accounts and government organizations stopped by talking about Kubernetes and how that would help.
00:01:15
Speaker
It was a lot of fun, and I found a couple of good restaurants in DC, so I had a good time as well. DC is really cool when you're entrenched in downtown. Everything's walkable, really nice. I haven't been in quite some time, though, I think about it. I know. My previous DC trips were always doing the touristy things like walking around National Mall, and this time it was a completely different experience. I wasn't looking forward to the trip, but now I'm glad I went. Well, there you go. Everything's a surprise sometimes.

Personal Reflections and Weekend Plans

00:01:46
Speaker
Oh, nice. And I'm looking forward to the long weekend, right? Like, we'll record this, we'll put it out, and then everybody can enjoy it over the long weekend, and we can just take a break. So, yeah. I know, I know. The weather looks pretty good too. You know, it's always a hit or miss in May, but...
00:02:01
Speaker
Yeah, looking forward to a couple days as well. Nice. How about you? Well, A, I'm getting over COVID. That was fun. I think a lot of people at this point maybe have had it already, but this was my first time having it, which I'm thankful for vaccines because I feel like my symptoms were pretty minor, just pretty much cold symptoms.
00:02:27
Speaker
I think it's just day nine I was just telling you and I'm just getting over. I'm still a little nasally. It went through my whole family. My wife on the other hand is, you know, some kind of, you know, magician. Somebody lives with us. Yeah, it doesn't. I never got it and still it doesn't. And it went to my daughter and then

Career Changes and Future Plans

00:02:46
Speaker
me. So it's been like two weeks and I don't think she's going to get it at this point.
00:02:49
Speaker
Um, so, you know, that was, that's been sort of a bummer, but, uh, you know, that makes you get outside and do things alone. Uh, I went mountain biking, like that's how, you know, vaccines are doing great, you know, so you can still breathe. So thanks for that. Um, uh, as you know, I, I left Pure Storage, so I've been sort of slowing down, taking some time to do, uh, work on my side business and, um,

KubeCon Highlights

00:03:17
Speaker
maybe take up some contracting work, but right now just enjoying a little bit of a break as we go into the summer, which, you know, can't wait for that. Oh, yeah.
00:03:29
Speaker
So today's topic is KubeCon Recap. And we're going to talk all things news on KubeCon, what came out of KubeCon. I know many of you who were there had a blast. Valencia is awesome. I was in DockerCon Barcelona, which is pretty close there. And I hope maybe some of you took the time to go right over
00:03:54
Speaker
to there to take a look at the F1 track that was set up for that weekend. I thought that was actually perfect where it's like it ends and you can extend your stay and go watch some racing. I did see a couple of Portworx employees show up at the track. Yeah, I mean, you're right there. You got to do it. So we're going to be talking all things news.

Cloud-Native Development Report

00:04:19
Speaker
So why don't we dive into it?
00:04:20
Speaker
Yeah, it has been a busy week, busy couple of weeks. The show now that COVID is for most parts done, the show was back in person. I think at North America, we had like 3,000 folks last year, but then KubeCon EMEA set that standard. I think they maxed out like 7,500 people. Wow. Yeah.
00:04:40
Speaker
So a lot of customers, a lot of partners, a lot of vendors out there. And this is just like all of this excitement just from social media. Like I wasn't there in person, but just looking at posts from all the different companies and all the different individuals that were there sounded really fun.
00:04:55
Speaker
masks were still on. So we'll see how people fared in terms of COVID, how many people got tested positive once the show was done. But talking about the show, right, the first thing that I wanted to highlight was a new state of cloud native development report came out in May 2022. And I just wanted to highlight like a couple of things that caught my eye. One of the stats, I think Priyanka, the executive director of CNCF also highlighted in her keynote was
00:05:25
Speaker
Because the global number of cloud native developers has grown from a million people to 7.1 million developers. That's it? 7.1 million developers are working with cloud native ecosystem. That's just crazy. 4.8 million of those are using container orchestration. 4.2 million are using serverless platforms, but still using microservices or containers to
00:05:50
Speaker
develop new applications and seven million. Wow. I like, okay. That just blew my mind. Like I had to talk about it. Like other open source ecosystems, like, uh, you know, open stack was huge. I wonder how it compares to that as well. Yeah. It'd be good stat to look up. Uh, if we find it, we'll put it in the show notes.
00:06:07
Speaker
Okay, I know. Yeah, I didn't think about that. Another thing that got my eye was they had a distribution of the different container orchestration systems that people were using. And for some reason, even though it was a CNCF report, like Amazon ECS leads that chart, like that was the most used container orchestration platform, which was again, surprising and something that I wanted to point out.
00:06:30
Speaker
The DIY or self-hosted clusters grew from last year. Now 30% of the respondents were using self-managed or DIY Kubernetes clusters instead of using a cloud service. And then the other vendors, your Amazon EKS, your Azure EKS, Google GKE, all of those guys are still there, still huge in market share, but these were the two highlights from that graph. And then if we split that up into further more detail, 52% of the cloud-native developers
00:07:00
Speaker
are running code in public cloud, 43% are running on-prem. At the very end of that chart, you will see that 6% are also running cloud-native apps on mainframes.

Funding and Enterprise Solutions

00:07:11
Speaker
Your containers on z/OS, right? I remember when that first came out and was a thing and we saw mainframe at DockerCons. I was like, hey, this just shows how portable and this technology is. Power to you, I guess.
00:07:28
Speaker
I think another thing from the report was the larger the size of the enterprise, the more chance or probability there is that the company and the developer is using cloud native systems and Kubernetes. So again, that just validates the point that bigger and bigger enterprises are already adopting Kubernetes and running it in production versus the smaller enterprises.
00:07:50
Speaker
Yeah, I kind of expected the on-prem numbers to be a little larger than the public cloud ones. They're pretty close in this report, but I definitely think we've seen a lot more adoption, at least from the storage space of Kubernetes on-prem. So that surprised me a little bit.
00:08:12
Speaker
And then, like our listeners know, we like to talk about funding rounds. We have a couple for you. Akuity, I hope I'm not butchering that name, raised

Security Trends at KubeCon

00:08:22
Speaker
like 20 million Series A round to basically provide Argo to enterprises, like provide enterprise capabilities around Argo and provide enterprise support. So making sure that customers can use Argo to build and run cloud-native applications and workflows on Kubernetes and adopt that GitOps
00:08:41
Speaker
methodology. So that's one funding round. The second was Teleport. Teleport is around like is working on replacing or enhancing or modernizing security. So they want people to move away from secrets and move towards identity. And that's what this change looks like. They raised $110 million Series C round and they got valued at over a billion dollars. So they are our latest unicorn in the cloud native ecosystem. The latest billion dollar unicorn.
00:09:11
Speaker
But they have an interesting approach. Instead of issuing secrets to everyone, they want to make sure everything, a machine, a human, an application has an identity, and then all you have to do is secure the certificate authority. So it helps you narrow down your blast radius or narrow down the exposure surface, and then you can be more secure and still have these things. Talk to applications that you need to.
00:09:33
Speaker
Yeah, well, ultimately, you're having less touch points. So there's a lot of less vectors to come into play to attack there. I think it's a great idea. Honestly, when humans touch things, we jack things up. So I think if we can really apply it to just inherently how something works, I like that idea.
00:09:52
Speaker
Nice, and like Teleport is one of the many vendors that had security-based announcements. So, let's just go through all the security features, and I think that was one of the key takeaways from KubeCon: like now people know how to run Kubernetes, but now everybody, all the new vendors, are focused on making it secure.
00:10:10
Speaker
And you will see that trend in the discussions or the announcements that we'll cover in this podcast as well. Like to start with, right? Snapt, it's a startup, launched a service or launched a protocol Nova. It's a centrally managed application security platform that's designed for cloud native and hybrid environments and includes things like real time threat intelligence because again, you need to monitor your environment. It includes API level protection. It includes protection from bots.
00:10:38
Speaker
Just putting it out there for customers that are looking for those features. I haven't used it, but it just came up in the list of things that were announced at KubeCon. Yeah, and if you see here, if you did attend KubeCon, they are giving you a free health check to test your infrastructure security, scale and speed. So just tell them you're at KubeCon, you saw this article, you heard it on this podcast. I need a free health check.
00:11:02
Speaker
Perfect. And then I'm just going through my security list. Sysdig, another security vendor, launched Sysdig Advisor. And with the Sysdig Advisor now, from that dashboard, you will get a list of a prioritized list of issues. So if you're an admin, you just need to log in and see what's
00:11:22
Speaker
completely wrong with your environment and then move down the list from higher priority, lower priority, and address the most critical problems first. And these can include things like capacity or utilization or alert for clusters, namespaces, workloads, pods that you might have. Another feature that they highlighted, and they had a screenshot, I think, which was really cool. They have like a new way to help troubleshoot things where
00:11:44
Speaker
In the dashboard, you'll see helpful blogs, so resources that can help you troubleshoot, dashboards, and also logs from the resources that you're trying to troubleshoot. So everything in one place in a simple UI to help you do root cause analysis quicker and find that issue and troubleshoot it.

Open Source Security Innovations

00:12:02
Speaker
I've always been impressed by Sysdig and their product. I think it's always worked really well. I used it at previous jobs as well. I know we've integrated it with Portworx.
00:12:13
Speaker
as well. And it's always been impressive to me how much is actually captured by the product. And I think part of the problem is, and maybe we have this problem as a whole, is we have so much data. So much that we're pulling out of these systems is, how do you present it in a useful way? That was a big problem for us, is how to dashboard the stuff correctly. And this was, I think, for
00:12:35
Speaker
five, four years ago or something when I was using it. It's really cool to see things like Sysdig Advisor, which gives you that prioritized list. Hopefully, your list is pretty small, but if not, I see the value in that for sure. Yeah, you have your action items. Every morning, you know what you're working on, for sure.
00:12:55
Speaker
Another security feature like Red Hat open-sourced StackRox. So again, they acquired StackRox, I think, a year back or a year and a half back. And they basically now, they rebranded it to, I think they call it Advanced Cluster Security or something like that. But now they have rebranded it back to StackRox and open-sourced the project. It's available on GitHub. So developers can start using it to scan their container images and include that in their CI/CD pipeline.
00:13:25
Speaker
Open service being under StackRox. Yeah. Okay. Yeah. So like just an interesting observation, right? They didn't disclose how much they bought, how much they paid for acquiring StackRox. But StackRox had acquired like $65 million or not acquired, but raised $65 million across all of their funding rounds. And now it's an open source project. So that's something to think about. But yeah, it's available for you to use as part of your development workflows.
00:13:49
Speaker
Yeah, well, I mean, we've seen it before, just because you have a ton of funding does not necessarily mean success, right? You know, Docker is a really good example. They've made a great change, I think, where they're focused now and their new valuation,

Industry Challenges and Layoffs

00:14:04
Speaker
everything. But remember the hype around that. And it's, you know, it was really a tool, right? And it wound up continuing to be that. But, you know,
00:14:12
Speaker
things that, you know, that's, I think that's the risk as an investor, right? You put so much money into it, but it's also great to see that we're not just, you know, leaving these things on the shelf is that we're taking projects like this and open sourcing them for Kubernetes. It really shows, you know, the importance of what people kind of see and value Kubernetes as.
00:14:32
Speaker
Yep. Uh, and like, since you brought up Docker, right? I was listening to, uh, another podcast and I think the Docker CEO was on and I didn't re like, I didn't remember it at that point, but like you Kubernetes was actually announced at one of the previous DockerCon events. So, uh, I don't know, just closing a loop on something. It seems ACS is, um, or the new acronym, right? Uh, that Red Hat has, um, it seems like they're just doing this to really focus only on, on their OpenShift. Yeah.
00:15:01
Speaker
container platform, which makes sense, right? Next, again, going down the security strike, SUSE, they had acquired a company called NeuVector, and now they are releasing, they are a container security platform as an open source project as well. So NeuVector will provide you a container firewall that helps you protect your layer three through layer seven networks, and it displays real-time information, how your pods are talking to each other, so you can implement like monitor and then implement security rules, and it can help you
00:15:31
Speaker
uh like debug applications and discover if there is there has been a breach on your Kubernetes cluster so another

eBPF-Based Security Enhancements

00:15:38
Speaker
open open source project for you to check out yeah and that one i really like the visualizations it brings to managing security right for those listening we'll put the link in here but if you click on it
00:15:49
Speaker
they have they give a sort of visual screenshot of NeuVector and i think it goes a long way to show how things are connected because we all know working in microservices and containers there's processes and containers and all sorts of things running everywhere so.
00:16:06
Speaker
Having that ability to visualize your nodes and your pods and all this stuff, and maybe where these security flows are being restricted. I think WeaveWorks had a really good one network-wise in the past as well, but I really like to see these more and more visualizations of these products.
00:16:27
Speaker
Even when we were dealing with virtual machine-based applications, these views were important. And coming from a VMware background, I really like VMware Network or vRealize Network Insight that used to be a product. So getting that same functionality for containers and modern apps is perfect.
00:16:45
Speaker
Next vendor in the security ecosystem is another startup called Lacework. No funding round for them. And I saw an article yesterday that because of the recent financial events, they laid off 20% of their workforce. So that sucks for everybody that's affected. I'm sorry.
00:17:02
Speaker
During a week back at KubeCon, they announced updates to their Polygraph data platform and added support for audit log monitoring, so basically making sure you can go back and trace what events happen, audit events, what happens. They announced integrations with the admission controller in Kubernetes, so you can block certain apps from being deployed.
00:17:26
Speaker
and then the ability to remediate infrastructure as code whenever it's used to provision a cluster and provision an application. So a few updates, but again, just a situation where we are and it just sucks for people who will have to find new jobs now.
00:17:43
Speaker
Yeah. Listen, I mean, if you have Kubernetes skills, especially in the security space, um, yeah, exactly. You reach out to any one of these. Also reach out to us. We're happy to make a connection here or there, uh, to help you out if you are part of that. So lots of great skills. I'm sure you have.
00:18:02
Speaker
And then next, Cilium, they open sourced a project called Tetragon, which is an eBPF-based security observability and runtime enforcement platform. So it used to be a part of the Isovalent Cilium enterprise for yours. And now they just took out that code base, open sourced it, so everybody gets that deep visibility that's required in running applications on Kubernetes without a lot of overhead. So if you want to learn more about eBPF,
00:18:31
Speaker
I'm pretty sure Ryan and I know of a resource. You should go and check our eBPF 101 episode to learn how eBPF works. But Tetragon basically works with eBPF and that kernel level collector and collects information and then helps you specify enforcement rules as well to make sure that you're running a secure environment or running your applications in a secure way. Absolutely.
00:18:56
Speaker
And then I think to close up my security list, the last one is Aqua Security. We started with A, maybe we're ending with A, I don't know, should have been the other way around. Aqua basically said that their open source project, Trivy, I'm pretty sure.
00:19:12
Speaker
Many of you are already using it. Trivy has added a whole lot of new functionality, and it can basically help you scan everything. And this includes integrations built into your IDEs, like JetBrains, VS Code, and helping developers move security further to the left. All the security vendors keep talking about shift left. So right in the IDE, you'll have integrations that will help you scan your container images or just your code. It will help you compile
00:19:40
Speaker
Software bill of materials or

Kubernetes Monitoring and Data Services

00:19:42
Speaker
SBOMs. I know that that's a huge thing now for the past five, six months. It was included in the keynotes at KubeCon North America as well. Why SBOM is so important to have, especially when you're dealing with open source projects. It can
00:19:55
Speaker
help you scan your Kubernetes cluster and get a list of all the risks and things that you need to fix. If you have regulatory compliance that you need to follow, they'll give you a list of audit logs or things there as well. It can integrate into CI/CD pipelines. And then they also have a Docker Desktop integration. So if you're running local development environments, you can still use Trivy. But they did some rebranding.
00:20:22
Speaker
Trivy, that definitely is an open source project, but there's a new thing called Trivy Premium, which is their enterprise version. So just make sure you're using something to secure your applications. For this left, you can, and then push them to production. Excuse me. I really like this quote by Amir Jerbi, where he says that, you know,
00:20:43
Speaker
security professionals are overwhelmed with the number of tools they're required to use and consolidating tools where possible. Sorry. Helps teams becomes more efficient. I think this outlines something really important, right? As we're innovating and seeing more and more tools and projects come into this space, this is going to be a natural sort of feeling, I think, with
00:21:05
Speaker
operators were seeing the same things, security were seeing the same things. So consolidating everything sort of centrally is really good and I agree it's a great move forward.
00:21:16
Speaker
Awesome. So like moving on, I think we are done with security vendors. Now everything else is in like the second bucket, which covers storage monitoring and whatever else was announced or whatever else we could find. There's a lot of security though, you're right. I mean, would you say that the takeaway is security is the sort of overall theme that we've seen here?
00:21:37
Speaker
Yes, for sure. I was looking at blogs that different individuals did, not vendor specific, but just overall summary blogs, videos from theCUBE, and The New Stack, and security was definitely a theme for this KubeCon. Everybody was talking about how we can help you make things more secure and make sure that you don't get hacked or get attacked by ransomware, which leads me to the next section, if I can.
00:22:06
Speaker
Kasten, a part of Veeam, announced a new version for their K10 product. Now, K10 is up to version 5, so K10v5. They had ransomware capabilities where they supported object lock functionality. Now, they added a way to use their dashboard to see if you're actually being attacked
00:22:28
Speaker
by a ransomware attack in real time. So, since Kasten knows how to write backups to an S3 bucket and how to read from those S3 buckets to restore applications, they know what those IO patterns look like. And if something that doesn't fit that IO profile happens to your backup targets, they can alert you and maybe
00:22:49
Speaker
alert you in real time that you are getting hit by a ransomware attack so you can fix things or manage things right now rather than having to restore from those object lock enabled backups. So that's an interesting use case. I didn't think like storage vendors or backup vendors could go to that next step about after supporting object lock, but this is a new functionality. Yeah, it begs the question of where sort of the responsibilities of like a storage vendor or a backup vendor stop and a security vendor start.
00:23:19
Speaker
I think this is sort of natural, right? If you, like you said, Kasten has all the awareness of what it's doing with those. So it's kind of a firsthand source of being able to do that without adding a whole other tool, right? I think this is actually a really good leap forward. Although it begs the question of like, you know, do security companies, vendors like Aqua and things like that, you know, have the ability to do these things too, sort of a more generalized, you know,
00:23:45
Speaker
Scale and not, you know, just within Kasten too, right? There's a lot of storage and backup vendors we've talked about on the show. So, oh, that's a great point, Ryan. Yeah, agreed, right? Like I'm pretty sure all these security vendors do have alerts and things when you are being attacked. So yeah, I don't know, it sounded interesting to me. But then thinking about like when you brought in that perspective, it's like, okay, yeah, it makes sense, like security vendors do already have these features. So you have to find that right balance and
00:24:13
Speaker
Okay, next, let's move on to monitoring. Datadog, everybody's favorite vendor in the AWS ecosystem, enhanced their monitoring capabilities for Kubernetes as well. So they now can help you with monitoring your pods, your containers that you're running by just installing a simple Datadog agent on your Kubernetes cluster.
00:24:36
Speaker
and get more visibility into health and performance of your clusters. They also have CSPM or cloud security posture management dashboards and cloud workload security dashboards or even the monitoring companies helping customers with security. They can now help you monitor your Kubernetes clusters and
00:24:55
Speaker
through that security dashboard, point out critical misconfigurations. If you want CIS benchmarks, they can tell you what's missing, and then it can help you detect attacks against your Kubernetes infrastructure in real time. So again, even from monitoring, I think security is a trend. Oh, absolutely. I mean, seeing trends in the data you're collecting, monitoring-wise, is a huge part of the value. So I think that's a natural intersect for monitoring companies. And it's a must, right, with Kubernetes infrastructure, as we know.
00:25:25
Speaker
And I was listening to The New Stack pod. They did a video and an interesting fact like Datadog reported that most of their customers that are running Kubernetes are running at least on an average 18 month old releases. So even though Kubernetes comes out with a new release every four months, customers are not running and upgrading their Kubernetes cluster. So yeah, something to think about.
00:25:52
Speaker
Absolutely. And I think it depends on what industry you are in running the Kubernetes infrastructure. There's maybe a need to upgrade more often in certain industries or maybe you're running on a managed service that does it for you for the most part.
00:26:08
Speaker
I think monitoring is definitely a way to take advantage, but it doesn't sort of eliminate obviously the need to upgrade. Although I think this is something we've seen over and over again is Kubernetes or even containers or OpenStack.
00:26:24
Speaker
delivered new releases so quickly and that's so hard to do at a sort of organizational level, right? So picking your strategy early on in your architecture of, you know, are we going to upgrade only on the major releases, right? Versus the minors or just do that and patch the vulnerabilities in between that, right? So I think, you know, I think it makes a lot of sense, but definitely a challenging problem.
00:26:50
Speaker
Yes. Next, we have Portworx. And we had a couple of announcements as well. We had two of our products that were in early access and beta modes called Portworx Data Services and Portworx PX Backup as a Service. Both of them were made generally available for customers to start consuming. So PX Backup as a Service allows you to use a SaaS service from Portworx. You can just connect your clusters and PX Backup
00:27:16
Speaker
will automatically inventory all your different namespaces, all your different application components that you're running, and help you create backup jobs, and also support ransomware protection. So you can add S3 object lock enabled buckets as your backup locations. So you have a write once read many backup snapshot for your applications that are running on Kubernetes cluster.
00:27:41
Speaker
you don't have to worry about installing or maintaining your PX Backup instance, it's available to you as a service. And then Portworx Data Services. Again, it helps you connect your Kubernetes clusters as well. Again, it's a SaaS service, bring in your clusters, bring your own Kubernetes clusters and then deploy different databases or data services like Cassandra and Postgres and Redis and all of those on your Kubernetes cluster. So instead of having to figure out different operators and
00:28:07
Speaker
figure out how to install these different operators, how to protect those different database instances, how to scale it up, how to manage the different versions. PDS or Portworx data services can give you that single point or single pane of glass to deploy and manage your databases that your developers can use for their applications.
00:28:24
Speaker
Yeah, I think the PDS stuff's a game changer, still obviously a bias there. But I think just researching new technologies, especially in the Kubernetes space, if you're someone really looking to run a number of data services and you're someone who likes to use managed services, spinning up a cluster, say on EKS, and then pointing at a solution that just looks at that thing and you can click a button and have a database,
00:28:50
Speaker
I think is super valuable. A, because you can still own that infrastructure. You don't necessarily have to shell out all your data to somewhere else and you don't know what's living. You can own your Kubernetes cluster. I think the term bring your own Kubernetes is still sort of the main point I think about there. So definitely a game changer.
00:29:12
Speaker
Oh, yeah. Moving along the storage space, DataCore, which had acquired MayaData, and I think we covered that acquisition on the board as well. They are now using MayaData's OpenEBS storage framework, and they launched something called as Bolt that's available for customers to use. And I think they talk about NVMe capabilities for that storage layer and talk about how moving away from CSI and moving towards something that's more
00:29:41
Speaker
Kubernetes native or container native will help customers. So we see that interesting transition. If you do want to find out about the difference between CSI and container native, we did a podcast episode on that as well. So go to our library and check that out. Yeah, absolutely. I mean, with the cost of NVMe coming down, I think seeing more and more products that really take advantage of using these types of architectures or those IOPS characteristics that you get out of NVMe, I think we're going to see it more and more.
00:30:11
Speaker
Right. Especially as Kubernetes continues to mature, you know, really getting those, the performance out of Kubernetes and your storage structure is going to be a must. So really cool stuff. Yep.
00:30:23
Speaker
Next, on the storage ecosystem, NetApp announced early access program for your Astra Datastore, which is, again, Kubernetes native storage layer that provides file or read-write many functionality for your containers and virtual machines.

New Announcements in Kubernetes Ecosystem

00:30:40
Speaker
I think they announced it last year, launched a beta program in February, and now it's in early access. So I'm pretty sure they have some customers testing this out on-prem, on bare metal, or on virtual machines. So if you are a NetApp customer, if you're interested in getting
00:30:53
Speaker
Container storage. Check that out. It's just only NetApp customers? They said you have to fill out a form and then they will prioritize it. So I think they'll prefer NetApp customers, but yeah, try your luck, I guess. Yeah.
00:31:08
Speaker
Next, I think I'm done with storage vendors. Let me go back to a different topic then. Things that I don't know enough about. I'll start with Microsoft Azure Container Apps. Microsoft also had its build conference last week.
00:31:28
Speaker
which is more of a developer-focused conference, and they announced Azure Container Apps. Honestly, I haven't had a chance to read about it or learn more about it. I would love for somebody from Microsoft to come on the show and talk about why these are cool.
00:31:43
Speaker
Well, it adds some kind of serverless capabilities, but for your containers and gives them a Kubernetes background, but that's the extent of what I know about it. It mostly looks like a project that takes other projects like Envoy and AKS and some of the other ones like KEDA and kind of puts them into sort of the ability to build the microservice architecture.
00:32:10
Speaker
obviously focus on applications. So I think this, you know, as we also see the trend towards focusing on the application and above now.
00:32:21
Speaker
Um, this definitely is going to be, I think something we see over and over again is companies, especially bigger companies like Microsoft, really getting into, um, you know, how to fast track the whole stack, right? Um, providing Kubernetes like AKS is, is not enough now because you need all these components. Like we've talked about monitoring, security, networking, all these things, uh, putting them into a full stack. So really interesting stuff, but I agree, you know, would be great to have someone come on here and talk about that.
00:32:51
Speaker
Yep. And then just moving on down the list of things that I haven't played around with, Pulumi and their infrastructure as code, they announced a new thing called Pulumi CrossCode, which is that universal translation layer. So if you are already using things like Terraform or CloudFormation or Azure Resource Manager,
00:33:12
Speaker
CrossCode will allow you to convert those configurations into Pulumi's version. Pulumi will also use CrossCode to talk to your existing infrastructure that's managed by these infrastructure support systems.
00:33:27
Speaker
I know Terraform is a really popular tool for customers who are using multiple different platforms or multiple different clouds. Pulumi has been gaining a lot of traction in the infrastructure as code space. And with CrossCode, I think they'll see a lot of adoption, increase in adoption because they'll now be able to translate between different kinds of IaC platforms. Yeah. And this is, I think, a super cool tool for DevOps teams and being able to really find the
00:33:56
Speaker
the skills and the people to build those DevOps teams. First of all, it's hard to find the right individuals who know enough about Kubernetes and how to really build a full stack. As you hire them, everyone always comes in with different language, whether it's Python or Java or JavaScript. This was a huge value
00:34:18
Speaker
for developers with containers in general, right? Polyglot architecture: you can put your own language into that container and it could talk to something else running a completely different one, built by a completely different team. I think this sort of brings a similar aspect to that, right? You may come in there with a lot of Python experience or Java experience and you can manage the same object
00:34:39
Speaker
or GCP or AWS, whether or not you need to relearn a whole language or a whole new SDK because you're part of a new team. I think that I see as the most valuable part of this is that it allows you to hit the ground running faster with your team.
00:35:02
Speaker
Yeah, I also saw a lot of noise around their booth at KubeCon. Maybe I'm just following more people that love Pulumi, but I saw a lot of noise around it and people were really excited about this announcement as well. Yeah, very cool. Next, I think Nvidia, I think people were surprised by this announcement, but Nvidia open-sourced its GPU drivers for Linux to enable more and more developers to write applications that use Nvidia's GPUs effectively. So instead of having to,
00:35:31
Speaker
build translation layers, they're like, okay, here are our drivers and kernel modules, just use them and write applications. I think in the blog post, I saw Canonical and SUSE can immediately start packaging up these open source kernel modules with Ubuntu and SUSE Linux distributions. So developers can start using these distributions to write code for applications that need GPU access.
00:35:54
Speaker
Yeah, absolutely. I mean, I think I remember doing a project targeting GPUs in sort of the IoT space and having to specifically go out and fetch certain kernel libraries. I mean, having things just built in to be able to work. I see this super valuable for the PaaS and sort of infrastructure providers.
00:36:17
Speaker
And I think last on my list is around optimizing your containers and Kubernetes clusters and eliminating waste in terms of the amount of money you spend on running these services. Kubecost. Another startup, I think we have covered a couple of your funding rounds in earlier episodes, but they provide you a dashboard about
00:36:38
Speaker
so they can monitor your running applications and then point out that certain containers might not have those resource limits and quota set, and they might be consuming more resources, certain applications might have those limits set to a really high point, and they might actually not need those many resources. So, Kubecost will give you a view around these recommendations. And now, with the latest announcement, they have announced that, okay,
00:37:06
Speaker
From that dashboard itself, they have one-click operations to update your running pod, so update those specifications and bring down your resource consumption.

KubeCon Key Trends Summary

00:37:14
Speaker
So that's a really cool way to make sure people are not spending too much money to run applications which don't need as much resources. When I started reading about it, I thought this might be around right sizing the number of Kubernetes worker nodes or something like that, but it's actually at the pod level, at the container level, they're looking at these resource consumption. Yeah, it seems more about
00:37:36
Speaker
optimizing efficiencies of existing infrastructure, right? So I mean anyone who's built an application and have messed around with resource allocations, first of all, getting that right in the right syntax in YAML is a pain, and then knowing that for every single container you put out there, and knowing that, hey,
00:37:57
Speaker
The reality is in your CI/CD pipelines, often you'll do testing that finds the right balance of resource allocations, but you sort of find that number and you up it a little bit, right? And then you push the thing onto production and hopefully it doesn't go over it. So having something, again, I think there's a trend here in many of the news articles that we've talked about today is real-time feedback, right? Real-time feedback of, are my objects safe?
00:38:26
Speaker
ransomware, right? Real-time feedback, is it being attacked? Real-time feedback of, you know, is my application running efficiently? If it's not, let's adjust it, and I don't have to go touch YAML, right? So I think, again, this is, you know, maybe part of our recap notes here, but real-time sort of feedback and maturity, right, of Kubernetes and these vendors, I think, is a real trend and absolutely valuable.
00:38:51
Speaker
I know. And personally, when I was deploying virtual machines in my previous jobs, I never knew what the size should be. I always went with, oh, if this is a small application, maybe two vCPUs, four gigs of RAM. Oh, if this is an important application, let's go for four vCPUs and eight gigs of RAM. But I'm pretty sure none of my applications actually use that much resources.
00:39:11
Speaker
Having a tool that can help you monitor individual containers definitely helps. Yeah, when this probably comes from a time in which, you know, you had to shut everything down to adjust those as well, right? It wasn't so easy to adjust them on the fly. You'd have to take down your application and all sorts of stuff. Maybe you provision a whole new VM, right, to do those kind of things. Obviously, that's come a long way. Even in VMware infrastructure, you can just kind of adjust it on the fly with containers adjusted on the fly. We're spoiled now.
00:39:41
Speaker
It makes a lot of sense to do things in real time.

Conclusion and Next Episode Preview

00:39:45
Speaker
I think those were all the vendors that I had on our list. I think when you were looking at our notes, weren't we at the 20 vendor mark? I don't know. It was 20, yeah. It was 20 or 19, something like that. And I'm sure we missed a lot, right? Oh, yeah. The reality is you'll find a lot of these KubeCon recaps.
00:40:03
Speaker
um, across different podcasts. And I think they all have a ton of value. Ours is definitely going to be tailored a little bit towards storage. Um, although as you saw, there's a ton going on in the security space, even security across, uh, other sort of verticals like so, um, you know, lots, lots of good stuff here. Um, and we'll put all these, uh, links to these articles, if you're interested in them, uh, in our show notes.
00:40:30
Speaker
So let's do a little bit of a takeaways. I mean, I think we talked about this a little bit, but, you know, as someone who commented a lot on what you were talking about in all the different articles, I think the major takeaways, right, are a security is obviously a huge focus as it should be. All right. And that's across the board. You know, as we're seeing
00:40:53
Speaker
the maturity of the Kubernetes community and products out there. We've innovated fast. We've got Kubernetes in production. It's super viable in production. We're using storage with it, all sorts of things. And now we're like, oh, now we got to secure it. I mean, maybe there's better ways in the future we should get security from the get-go, but I think this is an actual fit. Second is this idea of we're moving away from
00:41:20
Speaker
the folks running Kubernetes really just working with the low-level objects, right? We're moving towards UIs, we're moving towards visualizations, we're moving towards real-time feedback and adjustments, right, on the intelligence sort of layer, where, you know, someone is part of a DevOps team running Kubernetes
00:41:43
Speaker
organization probably isn't, you know, going to have to, I mean, they will, they'll use a ton of YAML and they'll use a ton of CLI. But the point is, you know, we're moving towards that maturity that we see even, you know, managing VMware infrastructure, right? It's all that's, you know, for better or for worse, a lot of it's UI driven now, but I think there's a lot of benefit of, I think we're sort of creeping that way with a lot of these products.
00:42:08
Speaker
Yeah, it helps onboard more people, right? People who might not be as comfortable with CLI and writing their own YAML files. Even the most of us just copy paste YAML files from somebody else's GitHub repositories.
00:42:24
Speaker
I agree with your point. More and more focuses on making sure this looks production-ready. People can run their apps without any security concerns. They can run it in a better way. To add to your security point, I think one thing that I didn't see in this KubeCon was the discussion between, oh, is Kubernetes ready for stateful apps? I didn't see any blogs or any vendors or any talks around
00:42:49
Speaker
Kubernetes is just for stateless. No, no, no, you can run stateful apps as well. We have, I think, cleared that confusion. Everybody agrees that you can run stateful applications on Kubernetes. You see vendors like EDB, like DataStax on the show floor talking about their operators, talking about their managed services, and how customers can run it on their own Kubernetes cluster, including things like Portworx Data Services. So like a lot of vendors out there talking about storage, how you can run it on Kubernetes.
00:43:16
Speaker
We'll see a lot of apps being migrated away, migrated on to Kubernetes now. I'm pretty sure with KubeCon North America. In addition to security, I have a feeling maybe we can come back and see if this prediction turns out to be good. But I feel that more and more money will be spent by startups on optimizing the developer experience. We have seen a couple of smaller startups picking up seed funding earlier this year.
00:43:40
Speaker
around how they can provide these developer sandboxes so they can, instead of spinning up their own Kubernetes cluster, they have a sandbox where they can test their applications, deploy it, and then push it to production. So maybe that's a trend. We'll see how it works out in a few months' time when we are all at KubeCon North America.
00:43:55
Speaker
That's right, and I feel like there's sort of a minor trend that is going to blow up as well. We'll call it a prediction, right? If we want to do predictions for KubeCon, is the coexistence of VMs and containers, right? We see Astra Datastore specifically mentioning in their press releases saying that, you know,
00:44:15
Speaker
Yes, we're doing Astra Data Store for containers, but we're designing it from the get-go with VMs in mind. This is natural fit, especially for NetApp with their customer base. But we also see it with Red Hat. Red Hat's going that route of everything's integrated. VMs are becoming a first-class citizen as they always were in most organizations now in OpenShift, which is traditionally just been containers.
00:44:40
Speaker
I think we're going to see a lot more focus on, okay, how do we adjust and sort of manage all of this stuff from the single pane of glass that we have for containers now that we're seeing the maturity for Kubernetes? And I don't know, that's probably less of a prediction than you think. We already see a trend there, but I think it's definitely going to see, we're going to see a lot more around that in the future.
00:45:04
Speaker
Yeah, so I think that brings us to the end of today's episode. As always, listeners can find other episodes on Anchor or wherever you listen to podcasts. I think we just added a couple of different RSS feeds to other podcasting platforms. So again, if you don't have
00:45:25
Speaker
the one that you want, let us know. We'll try to put it on there. And also, we encourage you to send us feedback or a message on Anchor or wherever you can review podcasts. Next two weeks, we are talking about Redis on Kubernetes. So really excited about that one. Redis has been around and has been a widely used data service for so long.
00:45:46
Speaker
and obviously early days in Kubernetes as well, because it doesn't necessarily need a lot of underlying disks. So anyway, we're going to be talking about that, really excited about that. And with that, that brings us to the end of today's episode. I'm Ryan. I'm Bhavin. And thanks for joining another episode of Kubernetes Bytes. Thank you for listening to the Kubernetes Bytes podcast.